Discovered BitDefender

Aug 27, 2008 15:57 GMT
BitDefender warns about another spam attack coming from fake FedEx employees

BitDefender has uncovered a new spam campaign used by attackers to deliver a trojan the company classifies as "extremely dangerous". The attackers borrow the name of FedEx, the well-known courier and shipping company. Posing as company staff, they send e-mails telling recipients that a package addressed to them has been lost. To collect it, users are told to download an attached "invoice", which is in fact a file carrying the trojan.
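The lure described above combines three signals a mail gateway can check for: a well-known brand in the sender name or subject without that brand's sending domain, "lost package / invoice" wording, and an executable attachment disguised as a document. The following triage script is an added example written for this article, not BitDefender's code or a real captured sample; the message text, domains and `BRAND_DOMAINS` allowlist are constructed assumptions.

```python
"""Triage a raw e-mail for the FedEx-style "lost package" lure: brand
impersonation in the headers plus an executable disguised as an invoice."""
import email
import re
from email import policy

EXEC_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs"}
DOC_EXTENSIONS = {"pdf", "doc", "docx", "txt", "rtf"}
# Vocabulary of the lure described in the article.
LURE_WORDS = ("invoice", "package", "tracking", "deliver", "collect")
# Domains the impersonated brand legitimately sends from (assumption for
# the example; a real deployment would maintain this list per brand).
BRAND_DOMAINS = {"fedex.com"}

# Constructed sample message modelled on the described lure (not a real sample).
SAMPLE_EML = """From: "FedEx Customer Service" <service@fedex-delivery-notice.example>
Return-Path: <bounce@random-host.example>
To: victim@example.org
Subject: FedEx Tracking Number 8834-2201 - package could not be delivered
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Unfortunately we were not able to deliver your package. Please print the
attached invoice and collect it at our office.

--b1
Content-Type: application/octet-stream; name="FedEx_Invoice_N8834.pdf.exe"
Content-Disposition: attachment; filename="FedEx_Invoice_N8834.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""


def sender_domain(header_value):
    """Return the lowercase domain of the first address in a header, or ''."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower().rstrip(".") if m else ""


def analyse(raw_message):
    """Return a verdict and the list of findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_hdr = str(msg.get("From", ""))
    from_dom = sender_domain(from_hdr)
    rp_dom = sender_domain(str(msg.get("Return-Path", "")))
    subject = str(msg.get("Subject", ""))

    # 1. Brand name in the sender display name or subject, but the From:
    #    domain is not one the brand actually uses.
    if "fedex" in (from_hdr + subject).lower() and from_dom not in BRAND_DOMAINS:
        findings.append("brand_impersonation")
    # 2. Envelope sender (Return-Path) domain differs from the From: domain.
    if rp_dom and rp_dom != from_dom:
        findings.append("return_path_mismatch")
    # 3. Two or more lure words in subject plus body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = (subject + " " + body).lower()
    if sum(w in text for w in LURE_WORDS) >= 2:
        findings.append("package_lure_wording")
    # 4. Attachments: executable extension, document-then-executable double
    #    extension, and a PE ("MZ") header regardless of the file name.
    has_exec = False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = name.split(".")[1:]
        if suffixes and suffixes[-1] in EXEC_EXTENSIONS:
            has_exec = True
            findings.append("executable_attachment:" + name)
            if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTENSIONS:
                findings.append("double_extension:" + name)
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            has_exec = True
            findings.append("pe_header_in_attachment:" + name)

    if has_exec:
        verdict = "quarantine"
    elif len(findings) >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    print(analyse(SAMPLE_EML))
```

The executable checks alone justify quarantining; the header and wording checks are there so that a variant shipping a link or a macro document instead of an `.exe` still scores as suspicious rather than clean.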

 

The malware, detected as Trojan.Spy.ZBot, was designed to support phishing attacks aimed at intercepting e-banking account information. By creating a registry entry on the affected machine, the trojan launches each time Windows starts. Immediately after unwary users download the trojan, the malware affects the winlogon.exe and iexplorer.exe processes. It then gives the attacker remote access to the infected machine, from which the sensitive data it has collected can be retrieved.
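The autostart registry entry described above is the most durable artefact this kind of trojan leaves on a host, so an incident responder typically starts with the Run keys. The script below is an added example for this article, not BitDefender's tooling: it parses a `.reg`-style export of the Run keys (the export text, user name and paths are constructed) and flags entries that launch from temp or profile directories or that reuse a Windows system binary name, such as `winlogon.exe`, outside the Windows directory.

```python
"""Triage Run-key autostart entries for the kind of persistence the
article describes: a trojan registering itself to launch at every logon."""
import re

# Constructed .reg-style export of the two Run keys (not from a real host).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"winlogon"="C:\\Users\\alice\\AppData\\Roaming\\winlogon.exe"
"Invoice"="C:\\Users\\alice\\AppData\\Local\\Temp\\FedEx_Invoice.exe"
"""

# Names of Windows binaries that malware commonly borrows; a copy of one of
# these living outside the Windows directory deserves a look.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "iexplore.exe", "svchost.exe",
                       "lsass.exe", "csrss.exe", "explorer.exe"}


def parse_run_keys(reg_text):
    """Yield (key, value_name, command) for every value under a ...\\Run key."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            # Only keep values that sit directly under a Run key.
            key = m.group(1) if m.group(1).lower().endswith("\\run") else None
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and key:
            # .reg exports double every backslash in string data.
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def executable_path(command):
    """Extract the executable from a Run value that may carry arguments."""
    m = re.match(r'^"?(.+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def triage_autostart(reg_text):
    """Return a finding per suspicious Run entry, with the reasons it tripped."""
    findings = []
    for key, name, command in parse_run_keys(reg_text):
        path = executable_path(command)
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if "\\temp\\" in low:
            reasons.append("runs_from_temp")
        if "\\users\\" in low or "\\appdata\\" in low:
            reasons.append("runs_from_user_profile")
        if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
            reasons.append("system_binary_name_outside_windows")
        if reasons:
            findings.append({"key": key, "name": name,
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_autostart(SAMPLE_REG_EXPORT):
        print(finding["name"], finding["path"], ", ".join(finding["reasons"]))
```

Legitimate per-user software such as the OneDrive entry in the sample also runs from the profile, so "runs_from_user_profile" on its own is a prompt to verify the file (publisher signature, hash) rather than a verdict; an entry that both lives in the profile and borrows a system binary name is the one to pull first.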

 

"ZBot and its family have an increased damage potential, as they are able to deactivate the firewall, steal sensitive financial data such as credit card and account numbers, as well as login details, make screenshots and create logs of current working sessions," says Sorin Dudea, Head of BitDefender AntiMalware Research.

 

"In addition, it is capable of downloading supplemental components and providing a remote e-criminal with the means to access the compromised system. Hence, we strongly recommend that you not open these e-mails and their attachments, and that you install and activate a reliable antimalware, firewall and spam filter solution," advises the researcher.

 

A similar spam attack was discovered by the Secure Computing labs two weeks ago. Although the attackers in that case did not use the FedEx name, they too relied on people's eagerness to receive a mysterious package allegedly sent to them more than a month earlier.